Rumored Zero-Day Exploit for Zoom Offered for $500,000
According to multiple researchers, unnamed threat actors operating on underground markets have offered to sell exploits for vulnerabilities that they claim exist in the Zoom client for Windows…
Tag: Threat Watch – Binary Defense
One of the World’s Largest Shipping Companies Hit by Suspected Cyber-Attack
Late last week, the servers at the headquarters for the Mediterranean Shipping Company (MSC) in Geneva, Switzerland had to be taken offline and still remain…
Nemty Ransomware Operation Goes Private
The operator behind the Nemty ransomware has announced that the group will no longer be running as a service for other criminals, choosing instead to go private. This means that the…
MBRLocker Ransomware on Rise, Taunts Researchers
Researchers at SentinelLabs have recently reported a surge of MBRLocker variant malware. MBRLocker malware overwrites the Master Boot Record (MBR), which handles booting the operating system on startup. By modifying…
Microsoft Patch Tuesday Takes Care of Three Zero Days
April’s Patch Tuesday this year was a rather large one with 113 different patches released that deal with vulnerabilities on 11 products, including three zero-day bugs in…
Ragnar Locker Ransomware Hits Portuguese Energy Giant
Attackers using the Ragnar Locker ransomware have successfully encrypted the systems of the Portuguese multinational energy giant Energias de Portugal (EDP) and are now demanding 1,580 in Bitcoin ($10.9…
Dutch Police Take Down 15 DDoS-for-Hire Services
Dutch law enforcement shut down several DDoS-for-hire service providers recently. DDoS-for-hire is a destructive service offered by cybercriminals that allows anyone with enough money to hire a botnet to perform a Distributed Denial of Service (DDoS) attack against a chosen…
Zoom Accounts Sold on Darknet Likely Result of Credential Stuffing
Researchers discovered a cyber-criminal selling over 500,000 Zoom user accounts on a Darknet forum. The accounts ranged from being given away for free to less than a penny per account. According to the researchers, the accounts were not compromised through…
Quidd Account Dump Shared Publicly
Roughly four million accounts for the online marketplace Quidd have been posted for free on multiple hacking forums. According to ZDNet sources, the original breach is credited to someone going by the alias “ProTag” and has been privately advertised for…
Sodinokibi Ransomware Crew Switching to Monero for Extortion Payments
Sodinokibi: The threat group that is behind the Sodinokibi ransomware left a message on their website announcing that they will begin to accept Monero cryptocurrency for victims to pay their extortion demands and begin to move away from Bitcoin. As…
State Bank of India (SBI) Reports Duplicate Website
Customers at the State Bank of India (SBI) were warned of a new campaign being carried out that involves attackers creating a web page that looks identical to that of the real bank website. The domain, http://www.onlinesbi[.]digital, requests users to…
New Email Extortion Campaign Brings Back Old Scam Using Breached Passwords
An old scare tactic has been reenergized and is on the rise again. Attackers are circulating emails that state that the recipient’s computer was hacked, a video was taken through the victim’s webcam while viewing an adult website and the…
Chinese Nation-State Hackers Targeting Linux Servers
China: A report by Blackberry found that many Linux servers are being attacked by Chinese state-backed threat actors and have been for roughly ten years. Although only 1.7% of all operating systems across workstations and servers are Linux based, Linux…
Maropost Database Exposes 95 Million Records
The customer engagement platform Maropost recently leaked 95 million records by way of an unsecured Google cloud server. The issue was found in early February and the server was secured on April 1st. Maropost CEO Ross Andrew Paquette claimed that…
White House COVID-19 Phishing Emails
In another COVID-19 scam, the email security firm Inky has found emails that are impersonating President Trump and Vice President Mike Pence. The emails state that they are the latest “Coronavirus Guidelines for America” and prompt the recipient to click…
Microsoft Buys Corp.com Domain
In February, Mike O’Connor expressed interest in selling the “corp.com” domain with hopes that Microsoft would buy it. In early versions of Windows that supported Active Directory, the default or example domain was “corp.” This domain would be particularly dangerous…
Over 200 VPN Servers in China Hacked, DarkHotel Group Possibly Behind Attacks
DarkHotel: A campaign targeting over 200 VPN servers has been uncovered by the Chinese firm Qihoo 360. It is believed that the campaign is currently being carried out to target a number of Chinese institutions and government agencies. The campaign…
New “Dark_nexus” Botnet Used for DDoS
A new botnet named “Dark_nexus” that compromises Internet-of-Things (IoT) devices appeared about three months ago and has taken control of at least 1,300 bots so far, according to researchers from Bitdefender. The malware code contains some references to other well-known botnet…
Fake Zoom Installers Distributing Malware
With increased numbers of remote workers installing video conferencing applications, attackers have found a new way to spread their malicious programs. Researchers have found that attackers are creating installers for Zoom video conferencing that also install malware. The researchers at…
Patched Safari Flaws Allowed Silent Webcam Access
Last week, security researcher Ryan Pickren published a blog post detailing many bugs in the Safari browser for Mac and iOS. Pickren noticed that when viewing the currently-open websites, Safari was ignoring the URI scheme (http://, https://, ftp://). After experimenting…
Researchers Discover Ten New TrickBot Modules
Originally posted by user @Dashowl and confirmed by Vitali Kremez of SentinelLabs, ten new modules used by the TrickBot malware have been uncovered, adding or updating some dangerous features to its capabilities. TrickBot continues to be a serious threat to…
Anonymous’ OpIsrael Likely to be Much Smaller This Year
Anonymous (OpIsrael): Research by Binary Defense analysts indicates that the Anonymous Collective has been carrying out a much smaller build-up to their annual April 7th “OpIsrael” campaign than usual this year. OpIsrael is one of the few remaining operations by…
Unprotected Elasticsearch Servers Being Wiped
Over the course of the past two weeks, an unknown hacker has been breaking into unprotected Elasticsearch servers and deleting all of the data. These attacks seem to have started around March 24th according to security researcher John Wethington. It…
New Magecart Attack Against 19 E-Commerce Sites
Magecart Group 7: Researchers at RiskIQ have outlined a new Magecart campaign they found affecting at least 19 e-commerce sites, which they have attributed to Magecart Group 7. Magecart is the umbrella term for multiple threat actors that compromise e-commerce…
New Coronavirus-Themed Malware Locks Users Out of Windows
With schools closed, some students are having fun creating malware to keep themselves occupied. Such appears to be the case with a variety of new MBRLocker variants being released, including one with a coronavirus theme. MBRLockers are programs that replace…
LimeRAT Leveraging Read-Only Excel Files to Disguise Exploit Code
A new campaign has been discovered which is leveraging Excel files encrypted using the default password “VelvetSweatshop” to infect machines with LimeRAT. The technique of setting an Excel file to “read-only” using the default password to encrypt an Excel file…
Zoom Addressing Recent Concerns
The video conferencing app Zoom has exploded in popularity with much of the world beginning to work from home. With the recent rise in popularity, however, came increased scrutiny and the attention of security researchers. In response to recent concerns…
Demystifying the Loncom Packer
Researchers at Kaspersky have released a technical analysis report detailing a malware packer named Loncom. This packer uses NSIS software for packing and loading shellcode and has been seen loading malware used by Advanced Persistent Threat (APT) groups. Microsoft’s Crypto…
Marriott Data Breach
Marriott International, a huge international hotel chain, has released information on a data breach that has affected roughly 5.2 million guests. In the release, they stated that at the end of February 2020, Marriott noticed that an “unexpected amount of…
Clicking Malicious Links in Zoom Client on Windows Can Leak Network Login Credentials
Video conferencing services, including Zoom, have become increasingly popular since many more employees are working remotely. Security researcher @_g0dmode is credited with discovering a potential attack vector against Zoom users that was later verified by UK security researcher Matthew Hickey.…
North Korean Hackers Resume Campaign After December Takedown
APT37/Geumseong121: A Microsoft operation in December 2019 took down 50 websites known to be affiliated with North Korean threat group APT37. According to researchers from South Korea-based security company ESTsecurity Response Center (ESRC), they have now found a new campaign…
Unknown Hacker Takes Control of Multiple YouTube Channels to Spread Bill Gates-Themed Ponzi Scheme
Unknown: A currently unknown hacker has taken over multiple YouTube accounts and renamed them to match Microsoft brand names. The accounts, with names including Microsoft News and Microsoft US, were used to post crypto-currency investment videos featuring a speech given…
Source Code for Dharma Ransomware Posted for Sale
According to ZDNet, the source code for Dharma has been posted for sale on two forums for just $2,000. Considering how much money criminals have extorted using Dharma, this represents a very low price for the source code. From November…
App Offers $1 Million for Information Leading to Culprit Behind Alleged Smear Campaign
The makers of Houseparty, a social media app used for conference video calls, are offering a reward of $1,000,000 USD to anyone able to unmask the entity behind what they allege is an ongoing smear campaign. Many posts on social…
Coronavirus Email Leads to Malware Spread
New scams involving the Coronavirus continue to arrive on a daily basis. This specific campaign involves a threat actor posing as someone who works at a nearby hospital. The email states that the recipient has been in contact with someone…
Remote Workers Being Targeted by IT Related Scams
AppRiver recently discovered a phishing campaign that targets remote workers using emails appearing to be from their company’s IT department. The email stated that the IT department was in the process of building a portal that allows employees to keep…
Russian-Speaking Hackers Behind Attacks on Pharma and Manufacturing in Europe
Silence/TA505: Malware samples uploaded to VirusTotal in early February are believed to have been used in attacks against pharmaceutical and manufacturing companies in Europe. The uploaded samples were identified as “Silence.ProxyBot” and updated versions of “Silence.MainModule,” leading researchers to attribute…
Maze Ransomware Group Adds Cyber-Insurance Firm Chubb to Their Victim List
Maze: The website utilized by the Maze ransomware group has added Chubb, a cybersecurity insurance provider, to their list of claimed victims. Currently, the listing only shows the company name and contact information for three senior executives—sample data is listed…
WordPress Sites Infected by Modified Coronavirus-Themed Plugins
Threat actors behind the WP-VCD family of WordPress infections have started to distribute modified versions of Coronavirus-themed plugins. These plugins create backdoors on infected sites and are designed to display popups, redirect visitors, or inject malicious advertisements in attempts to…
Threat Actors Spreading Dangerous “Google Chrome Update”
Analysts at Dr. Web, a Russian anti-virus company, have uncovered a campaign that has tricked victims into downloading malware disguised as a Google Chrome update. Using multiple compromised WordPress sites, the threat actor embedded a JavaScript redirection script, sending visitors…
Dark Web Hosting Provider Daniel’s Hosting Hacked for Second Time in 16 Months
One of the world’s largest free Dark Web hosting providers, Daniel’s Hosting (DH), decided to suspend operations after it was hacked for the second time in 16 months. The provider’s entire database was deleted, causing 7,600 dark web portals to…
Tupperware Site Hacked to Steal Credit Card Numbers
The world-famous storage solution provider Tupperware has had its website compromised by attackers to steal credit card payment details at checkout. Discovered by Malwarebytes researchers, the cybercriminals used a method that is different than recent attacks against online shopping checkout…
New Milum RAT Used in WildPressure Campaign
A new remote access trojan (RAT) named Milum, which had no similarities to any other known malware, was discovered in a campaign targeting organizations in the Middle East. The campaign has been dubbed WildPressure and appears to have started in…
Home Routers’ DNS Settings Are Being Hijacked
Over the last few days, some members of the BleepingComputer forum began to report their web browser opening on its own and displaying a message for the user to download malware disguised as a “COVID-19 Inform App,” which falsely claimed…
APT41 Carries Out Global Campaign Leveraging Multiple Exploits
Analysts at FireEye have identified a massive campaign run by the Chinese-backed APT41 threat group targeting multiple business sectors. This campaign leverages many vulnerabilities in products typically used by businesses in order to gain a foothold on enterprise systems. The…
WHO Targeted by Espionage Attempt Believed to be Linked to DarkHotel Threat Group
DarkHotel: The World Health Organization (WHO) has been dealing with a significant increase in cyber-attacks while also attempting to deal with the current COVID-19 pandemic. According to officials at the WHO, the number of cyber-attacks targeting the agency has doubled…
Microsoft Aware of Two Critical RCE Bugs, Won’t Patch Until Next Patch Tuesday
Microsoft released a security advisory stating that they are aware of a Type 1 font parsing remote code execution (RCE) vulnerability affecting all versions of Windows, including Windows Server. The bugs exist when Adobe Type Manager Library improperly handles a…
Fake Corona Anti-Virus Software
The MalwareHunterTeam has identified another attack that is using the Corona Virus as a way to trick people into downloading malicious software. They identified the site “antivirus-covid19[.]site” that pretends to provide anti-virus software for a donation. If someone clicks the…
Cracked Version of CobaltStrike 4.0 Now Available to Threat Actors
While hunting for malware on VirusTotal on March 20th, Binary Defense analysts discovered a fully functioning copy of CobaltStrike 4.0 which apparently had been cracked to remove its software licensing restrictions. On March 21st, a Chinese software pirate published an…
Windows Defender Skipping Files During Scans
After the March 10th Patch Tuesday update, many Windows users began to question a Windows Defender notification telling them that certain files had been skipped during a scan. Windows Defender has a feature that gives administrators the choice to exclude…
Maze Ransomware Operators Compromise Medical Research Facility Assisting With COVID-19 Vaccine Testing
Maze: The operators behind the Maze ransomware appear to have already gone back on their word after promising not to target medical facilities during the global COVID-19 pandemic. Last week, the criminal groups that use Maze and DoppelPaymer stated that…
VMWare Fusion Patch Found to Be Incomplete
Recently VMWare released a patch for the flaw tracked as CVE-2020-3950 that affected Fusion, Remote Console (VMRC) and Horizon Client for Mac. However, while the vulnerability has been fixed for VMRC and Horizon Client, the patch does not completely fix…
TA505 Targeting HR Departments in Germany
TA505: A new attack, believed to be attributed to the threat group TA505, is targeting Human Resource departments within organizations located in Germany. Using Business Email Compromise (BEC) style of phishing attacks, the group is utilizing trojanized disk image files…
Rogers Data Breach
The Canadian Internet Service Provider (ISP) Rogers Communication has started to notify customers of a data breach that exposed personal information due to an unsecured database. In the notification posted to their site, Rogers Communications stated that they learned of…
France Warns of New Ransomware Gang Targeting Government Agencies
CERT France has released an alert this week regarding a new variant of the Mespinoza ransomware strain, also known as Pysa. The operators of this ransomware, who previously attacked large businesses, have now started targeting French government organizations. Using brute-force…
Trend Micro Patches Multiple Vulnerabilities
According to a security bulletin by Trend Micro, multiple critical vulnerabilities were recently discovered with the company’s Apex One and OfficeScan XG products. Two of the vulnerabilities (CVE-2020-8467 and CVE-2020-8468) were considered to be zero-days due to observed exploit attempts…
Some Ransomware Operators Vow to Leave Healthcare Alone During COVID-19 Crisis
Lawrence Abrams of Bleeping Computer reached out to the operators behind some of the most prevalent ransomware this week. His question was a simple one: “Will you continue to target health and medical organizations during the COVID-19 pandemic?” So far…
New Nefilim Ransomware
A new ransomware, named Nefilim, has been found and appears to have been active since February 2020. Nefilim shares much of the same code as the Nemty ransomware but has removed the ransomware-as-a-service component and has also changed to using…
TrueFire Guitar Teaching Website Fell Victim to Magecart-Style Attack
Magecart: TrueFire, which is an online tutoring website that teaches guitar, has alerted its customers that their data was exposed to unauthorized parties. TrueFire stated that they do not store credit card information on their website, but threat actors managed…
APT36 Using Coronavirus “Health Advisory” Lures to Spread Crimson RAT
APT36/Pakistan: Pakistani-linked APT36 is using spear phishing to take advantage of the current coronavirus news to spread malware dubbed Crimson RAT. Crimson RAT can steal credentials from browsers, capture screenshots, collect anti-virus software information, and list the running processes, drives,…
VMware Released Security Updates
On March 17th, VMware released security updates that dealt with Denial-of-Service (DoS) and high-severity privilege escalation flaws in VMware Workstation, Fusion, VMware Remote Console, and Horizon Chat. The two flaws, tracked as CVE-2020-3950 and CVE-2020-3951, are believed to come from…
Coronavirus Tracking App Serves Android Ransomware
Researchers at DomainTools have identified a malicious domain (coronavirusapp[.]site) that is used to trick victims into downloading a malicious Android app. While this app claims to provide real-time tracking and statistics about the Coronavirus outbreak, in reality, the only thing…
Argentinian Government’s Trust in Blockchain Used Against Them
In 2016 Argentina’s government chose to enact legislation that made digital transmissions of their Boletín Oficial, or Official Gazette, legally valid because of their trust in the blockchain technology used to authenticate its transmission. That trust was exploited recently when…
Slack Fixes Session Hijacking Vulnerability
Evan Custodio, a researcher using the HackerOne bug bounty platform, reported a critical vulnerability to Slack in November of 2019. Custodio’s finding was an HTTP smuggling attack. This type of attack can arise when a front-end server or application forwards…
European Shoppers Information Exposed
Over the weekend, researchers from Comparitech discovered a large database that contains millions of records about European customers left unsecured on Amazon Web Service (AWS). A total of eight million records that belong to companies including Amazon, eBay, Shopify, PayPal,…
Ancient Tortoise BEC Scammers Using Coronavirus Fear in Attacks
Ancient Tortoise: Ancient Tortoise, a Business Email Compromise (BEC) cybercrime group, began using Coronavirus themed emails to trick users into transferring funds. Researchers at Agari exchanged email messages with the threat actors as part of an ongoing BEC scam investigation.…
Czech Hospital Hit With Cyber Attack Amidst Coronavirus Testing
University Brno Hospital in the Czech Republic was forced to close its doors on Friday after a cyberattack struck. This is quite unfortunate as the hospital was one of the larger testing centers for COVID-19 in the country and the…
Avast Disables Buggy JavaScript Engine
On March 4th, Avast antivirus was alerted to a vulnerability in its JavaScript emulation engine by researcher Tavis Ormandy. Just a few days later, Ormandy released a tool on GitHub that made analyzing the engine easier. Avast’s JavaScript engine ran…
Microsoft Releases Security Patch for Critical Vulnerability in Windows 10 and Server 2019
Microsoft released an emergency security patch on March 12th to correct a critical vulnerability in Server Message Block (SMB) version 3, which is used for file sharing and other core network capabilities in Windows 10 and Windows Server 2019. Attackers…
Open Exchange Rates Suffers Data Breach
The online service provider Open Exchange Rates announced this week that they have suffered a data breach. Open Exchange Rates provides a service used by a number of large companies that allows them to look up currency exchange rates. The…
Turla Using a New Backdoor in Watering Hole Attack
Turla: Researchers from ESET have discovered a new watering hole attack being carried out by Turla targeting several high-profile Armenian websites. Turla is a well-known Russian espionage group that has been tracked for over ten years; researchers stated that several aspects…
Otterbein University Suffers Malware Attack Shortly After Announcing All Online Classes
Due to COVID-19, Otterbein University and many others in the state of Ohio have decided to shift to all online classes. Shortly after this was announced by the university, a malware attack struck their network. University officials do not have…
Cookiethief Android Malware
Researchers from Kaspersky have discovered a new malware, dubbed Cookiethief, that uses a combination of exploits that gain root access, then steal Facebook cookies from Android devices. Cookies are small pieces of data that are used to track and identify…
Deer[dot]io Operator Arrested by FBI
The FBI has arrested Russian national Kirill Victorovich Firsov for his role in the operation of the criminal eCommerce site deer[dot]io. Deer[dot]io operated similarly to legitimate eCommerce platforms like Shopify, which allows users to create and operate their own shops…
Coronavirus Map Used to Lure Victims to Install Malware
Researchers from Reason Labs reported that attackers are designing websites that display updated maps of the spread of Coronavirus. The websites prompt viewers to download and run a Windows application to keep up to date on the latest information, but…
Microsoft Issues Security Advisory for SMBv3
Microsoft has released a security advisory for a remote code execution vulnerability recently discovered with SMBv3, the protocol commonly used within businesses for file sharing. To exploit an SMB server, an unauthenticated attacker only needs to send a specially crafted…
$30 Million Ransom Demand at Australian Car Auction Company
Manheim Auctions, Australia’s largest car auction house, released a statement that it was the victim of a month-long cyber-attack and has now received a $30 million ransom note to remove the infection from its over 1000 servers and decrypt the…
New Version of njRAT Spread by Mysterious Group
Unknown: Cybereason, a cybersecurity firm, published a report describing a new version of the Remote Access Trojan njRAT being distributed through trojanized hacking tools by an unidentified threat group. The group has attempted to gain backdoor access to the computers…
European Network of Transmission System Operators for Electricity (ENTSO-E) Confirms Security Incident
On Monday, the ENTSO-E confirmed that its IT network had been breached. Fortunately, the office network that was compromised did not have connections to any operational electric transmission system, which means the attack only affected IT systems and not…
Defense Contractor Taken Offline by Ransomware
Communications & Power Industries (CPI), a major electronics manufacturer for defense contracts, has confirmed that they were the victim of a ransomware attack. The company fell victim to ransomware in mid-January and opted to pay the ransom of $500,000 but…
Microsoft Exchange CVE-2020-0688 Under Active Exploit
As part of their Patch Tuesday schedule, Microsoft recently released updates for a remote code execution vulnerability affecting Exchange 2010, 2013, 2016 and 2019 (CVE-2020-0688). Two weeks after a patch was released, Trend Micro’s Zero Day Initiative released a blog…
City of Durham, NC Shut Down Network After Ryuk Ransomware Attack
Over the past weekend, the city of Durham, North Carolina was the victim of a ransomware attack and had to shut down a significant portion of its network. According to a statement from officials, Durham “temporarily disabled all access into…
Virgin Media Data Breach
Virgin Media, a leading cable operator in the UK and Ireland, announced today that the personal information of roughly 900,000 customers was accessed without permission. According to an ongoing investigation, a misconfigured and unsecured marketing database has been publicly accessible…
Brazilian Security Firm Leaks Over 25GB of Data
Orsegups Participacoes, a Brazilian physical security company, exposed over 25GB of files through an unsecured Amazon Simple Storage Service (S3) bucket. The documents stored on the server included tax documents, receipts, payment slips, and a series of invoices for clients,…
Remote Code Execution Vulnerability in ManageEngine Desktop Central
On March 5th, a functional exploit for an unpatched vulnerability in ManageEngine Desktop Central was published by security researcher Steven Seeley. The exploit allows attackers to upload files and remotely run commands with SYSTEM permissions, without any authentication required. Desktop…
Mokes and Buerak Malware Disguised as Security Certificate Updates on Websites
While the method of distributing malware by making it look like a real software update is not new, threat actors are using a new twist to this method, trying to pass off the Buerak and Mokes malware on compromised sites…
Bug in Intel Chips Much Worse Than Previously Thought
Discovered and identified last year as CVE-2019-0090, a bug in Intel’s Converged Security and Management Engine (CSME) could grant attackers access to the Chipset Key, which is the root cryptographic key that can be used to access everything on a…
Epiq Global Infected by TrickBot, Ryuk
On March 2nd, legal reporter Bob Ambrogi shared that Epiq Global, a legal services company, recently took their systems offline globally in response to a security incident. A source for BleepingComputer revealed that the incident began with a TrickBot infection…
T-Mobile Discloses Second Security Breach in Six Months
T-Mobile announced yesterday news of a security breach that affects both customers and employees. According to the statement made by T-Mobile, an attacker targeted their email vendor which allowed for unauthorized access to “certain T-Mobile employee mail accounts.” The compromised…
More Than Three Million TLS Certificates to be Revoked by Let’s Encrypt
Let’s Encrypt, the non-profit certificate authority, recently found a bug in their Boulder software that is causing over three million TLS certificates to be revoked. The bug was causing certificates to not be validated correctly by the Certificate Authority Authorization…
Attackers Use Cloud Backups Against Companies
Secure and complete backups are the primary defense once a system gets infected with ransomware. If the cloud backups are not configured properly, they can be used against the victim. Security researcher Lawrence Abrams recently reached out to the DoppelPaymer…
Chinese Cyber-security Firm Accuses CIA of Hacking China for 11 Years
China: The Chinese cybersecurity firm Qihoo released a report accusing the CIA (Central Intelligence Agency) of being behind multiple cyber-attacks targeting Chinese entities. Targets of the attacks were located in Beijing, Guangdong, and Zhejiang and dealt with a range of…
Multiple WordPress Plugins Under Active Attack
Several WordPress plugins, some installed on hundreds of thousands of sites, are currently under active attack. This represents an increase in attacks on WordPress sites compared to the last few months. While many of the exploit attempts targeted recently patched…
Compromised Passwords Found on Servers Used for Sextortion Attacks
On March 2nd, 2020, Have I Been Pwned (HIBP) sent out breach notifications relating to credentials found on a server referenced by IP address, instead of Pastebin or other paste sites. Since this was an unusual breach notification, Binary Defense’s…
Tesla, Boeing, Space-X, Lockheed Martin and More Compromised Through Attack on Contractor
DoppelPaymer: Last week the ransomware threat group DoppelPaymer posted to their Twitter account that data from Tesla, Boeing, Space-X, and Lockheed Martin would be posted to DoppelPaymer’s website soon. Their Twitter account has since been suspended but their websites on…
Kenneth Cole Fashion Firm Threatened by Sodinokibi Ransomware Operators
Under the Breach researchers first reported the news that the Sodinokibi (also known as REvil) ransomware group was threatening to release around 60,000 customer-related documents and nearly 70,000 financial and work documents allegedly stolen from the company Kenneth Cole. The…
TA505 Targeted South Korean Banks in 2019
TA505: The Russian-speaking threat actor TA505 spent most of 2019 targeting banks in South Korea, according to researchers from the Financial Security Institute. Utilizing malicious attachments and ransomware, TA505 carried out phishing campaigns against South Korean…
Walgreens Data Leak
On January 15, 2020, the popular drugstore chain Walgreens discovered an error within their mobile app that allowed some personal messages from Walgreens to be viewable by other users of the app. Some of the affected messages included health-related messages–including…
Sodinokibi Operators Brainstorming New Extortion Ideas
A new forum post by the Sodinokibi operators shows they are doubling down on their efforts to coerce victims into paying the ransom. Although the group had already begun to follow in the footsteps of others by posting stolen data,…
Authentication Company Transmit Security Compromised
This week, the security company Transmit Security notified their customers that the firm had suffered a data breach. The breach included information for over one thousand accounts, including email addresses, passwords, phone numbers, and “other sensitive information” according to the…